
Pests of all kinds and how to combat them: Detection after system restore because of the GVU Trojan

Windows 7

20.12.2012, 18:56   #1
eckenecke
 
Detection after system restore because of the GVU Trojan

Hi,

after I suddenly got the GVU Trojan today, I rolled the system back three days and the lock screen was gone again. However, a scan with Antimalwarebytes then showed me one detection.

I have run all the programs requested beforehand... can someone please help me with what needs to be removed now?

PS: I have the GMER log file on my desktop. Unfortunately it is far too large to post as CODE.

Thanks and regards

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:03 on 20/12/2012 (XXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL:
Code:
OTL logfile created on: 20.12.2012 16:05:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,28% Memory free
5,99 Gb Paging File | 4,51 Gb Available in Paging File | 75,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 150,70 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.20 16:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 09:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 09:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Programme\TightVNC\tvnserver.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.03.23 14:53:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.03.23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
PRC - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.10.28 10:35:48 | 000,425,984 | ---- | M] (Bao_Nguyen) -- C:\Programme\Switcher\Switcher.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 16:04:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 16:04:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 16:03:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 16:03:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 16:03:50 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 16:03:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.01.09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.12 13:05:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.01 22:56:11 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.04.05 17:03:00 | 003,969,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.08.03 14:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Programme\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.09 03:04:02 | 000,131,888 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2010.03.23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CHRIST~1\AppData\Local\Temp\pxldapow.sys -- (pxldapow)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.02.19 22:05:41 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.15 09:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.09.07 10:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.08 00:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.02.22 12:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011.02.22 12:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011.02.22 12:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.16 13:00:16 | 000,013,312 | ---- | M] (Insyde Software) [Kernel | On_Demand | Stopped] -- C:\swsetup\sp45138\iscflash.sys -- (iscFlash)
DRV - [2009.04.29 08:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.10.22 17:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.09.04 17:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 A3 2C CE E7 EC CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 15:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 22:56:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 15:55:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 22:56:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 15:55:39 | 000,000,000 | ---D | M]
 
[2012.02.16 22:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2012.12.01 22:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\nlsgw1ek.default\extensions
[2012.10.04 11:22:34 | 000,000,000 | ---D | M] (WOT) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\nlsgw1ek.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 22:41:39 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.15 12:15:18 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.12.01 22:56:58 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\nlsgw1ek.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.01 22:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.01 15:21:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.01 22:56:11 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 16:26:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Programme\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Programme\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Switcher] C:\Program Files\Switcher\Switcher.exe (Bao_Nguyen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB8CA8A4-A4E3-407F-AA8B-851639DBD9EF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Programme\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.20 16:00:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.13 00:23:35 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012.12.01 22:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.02.28 14:40:50 | 000,317,200 | ---- | C] (AVAST Software) -- C:\Users\XXX\aswclear5.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 16:05:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.20 16:03:01 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2012.12.20 16:02:28 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:02:28 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 16:01:18 | 000,302,592 | ---- | M] () -- C:\Users\XXX\Desktop\ggxisn62.exe
[2012.12.20 16:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe
[2012.12.20 16:00:21 | 000,050,477 | ---- | M] () -- C:\Users\XXX\Desktop\Defogger.exe
[2012.12.20 15:58:57 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.20 15:58:57 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.20 15:57:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 15:56:34 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 15:49:46 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.13 08:43:09 | 003,846,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 21:13:11 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.12 21:13:11 | 000,653,540 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012.12.12 21:13:11 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.12 21:13:11 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.12 21:13:11 | 000,141,360 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012.12.12 21:13:11 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.20 16:03:01 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2012.12.20 16:01:17 | 000,302,592 | ---- | C] () -- C:\Users\XXX\Desktop\ggxisn62.exe
[2012.12.20 16:00:20 | 000,050,477 | ---- | C] () -- C:\Users\XXX\Desktop\Defogger.exe
[2012.12.20 15:58:57 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.12.20 15:46:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.12 21:20:38 | 000,004,148 | ---- | C] () -- C:\Windows\System32\psmodulediscoveryprovider.mof
[2012.12.12 21:20:31 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.12.12 21:20:08 | 000,204,105 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.10.10 21:24:16 | 1448,655,544 | ---- | C] () -- C:\Users\XXX\FIFA+2013-v1.0.2-tang15111_2.ipa
[2012.07.10 19:11:25 | 1186,380,194 | ---- | C] () -- C:\Users\XXX\Asphalt-7-Heat-v1.0.0-most_uniQue.ipa
[2012.03.27 12:32:25 | 000,406,528 | ---- | C] () -- C:\Users\XXX\Switcher-2.0.0.2705.msi
[2012.03.08 09:58:05 | 000,000,492 | RHS- | C] () -- C:\Users\XXX\ntuser.pol
[2012.03.07 20:55:48 | 000,000,600 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\winscp.rnd
[2012.02.20 20:13:59 | 000,210,518 | ---- | C] () -- C:\Users\XXX\Winamp.m3u
[2012.02.19 20:25:32 | 000,002,306 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.02.19 20:08:26 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.18 21:48:15 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2012.02.18 21:48:13 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2012.02.18 21:48:13 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.02.18 21:48:13 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2012.02.17 19:37:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.02.17 19:35:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.16 22:28:58 | 000,653,540 | ---- | C] () -- C:\Windows\System32\perfh01D.dat
[2012.02.16 22:28:58 | 000,294,764 | ---- | C] () -- C:\Windows\System32\perfi01D.dat
[2012.02.16 22:28:58 | 000,141,360 | ---- | C] () -- C:\Windows\System32\perfc01D.dat
[2012.02.16 22:28:58 | 000,037,052 | ---- | C] () -- C:\Windows\System32\perfd01D.dat
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.27 12:37:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Bao_Nguyen
[2012.06.14 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.07.15 12:24:53 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DAEMON Tools Lite
[2012.07.15 11:26:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DiskAid
[2012.03.21 10:13:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Dropbox
[2012.07.15 11:58:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\GHISLER
[2012.12.20 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2012.07.30 21:14:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\iFunbox_UserCache
[2012.07.15 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\redsn0w
[2012.03.07 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Software4u
[2012.02.29 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.09.09 13:43:49 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TestApp
[2012.03.17 21:32:36 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TightVNC
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild.jpg: 3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\XXX\Documents\Bild (2).jpg: 3or4kl4x13tuuug3Byamue2s4b

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 20.12.2012 16:05:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXX\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,28% Memory free
5,99 Gb Paging File | 4,51 Gb Available in Paging File | 75,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 150,70 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C7210B7-28B0-4F73-AF12-DBEF14FEE561}" = lport=56137 | protocol=6 | dir=in | name=pando media booster | 
"{31F3D821-9DB8-4EEB-98B1-034EF0188C59}" = lport=56137 | protocol=6 | dir=in | name=pando media booster | 
"{3A8D47CD-4F2A-4F58-91C4-6A8E09254AA3}" = lport=56137 | protocol=17 | dir=in | name=pando media booster | 
"{533F409D-F560-4320-8FED-502724FCA3A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A96C97AD-E575-472D-BD0B-3EB7C136EF30}" = lport=56137 | protocol=17 | dir=in | name=pando media booster | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B5005B4-5A74-4092-BD5E-33B94B41E208}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2D63840C-5095-41E0-8737-EAE5AF8083F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{412317DD-9A3E-4AB6-A32D-B969220F8960}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{45E7011E-62E8-45FD-A6CF-221A3914621F}" = protocol=6 | dir=in | app=c:\program files\tightvnc\vncviewer.exe | 
"{45EC8BD8-63EB-449C-AC5E-DD898E8131B9}" = protocol=6 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5461B2A1-2663-4A23-9AF6-4A0AA08B59F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{563086BF-09C1-4E6B-AB34-B59332CB23B7}" = protocol=6 | dir=in | app=c:\program files\tightvnc\tvnserver.exe | 
"{7C16F315-811E-4F1F-BAFD-5B8907E75FC3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{7E6B67C5-BDF0-40E9-9832-23E92698E348}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8A0E16B6-7592-40B3-8B37-5EC259329445}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9956C2BD-A59B-492C-B94B-101BD25309CC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{9C7704AE-0B9E-4A44-8F3F-F2144A30AE46}" = protocol=17 | dir=in | app=c:\users\XXX\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A5C61A67-FF8B-4729-BBF8-B034643B8D33}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{A6219168-D0E9-4037-BF0C-F24B2CE7DE81}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{AB8F456B-F097-4399-B381-D4E4F160B3B9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B6BE606C-3554-4E24-8E65-31594A8DC537}" = protocol=17 | dir=in | app=c:\program files\tightvnc\vncviewer.exe | 
"{BA215A7F-96F1-4745-8C97-2D9695F3F03B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BBA9658B-D60B-4F12-85A0-7BA39A075667}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CC76B77B-E3FE-48A0-AB96-1A3CEC1447AD}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{D3CE5ED7-6BED-4CD3-A183-20B403D752C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D61D96B5-8BAC-43A7-85E7-3FFBE60DF131}" = protocol=17 | dir=in | app=c:\program files\tightvnc\tvnserver.exe | 
"{E52393A1-DA10-4992-94E8-86C948900F3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E5F25619-0131-4E51-8481-485D84E71D57}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F1ADC190-4846-4E51-A8AE-702CD95ECE35}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"{F5235BC3-C0AD-4DB0-80DC-316E2461FEDC}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{333F8223-92C0-40AC-A49A-D21C54DBAB5B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{532E7AAC-D69B-4E43-8709-3CF55154278B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{75835CA5-9EE1-485B-B711-39A521FF0696}C:\program files\i-funbox devteam\ifunbox.exe" = protocol=6 | dir=in | app=c:\program files\i-funbox devteam\ifunbox.exe | 
"TCP Query User{8F8053E4-801E-46B0-8F48-2024A0B8E91A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{ECACF773-42C9-43AF-B29B-0A313FAD7D31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F5875758-B6FC-45A3-938A-F320287E0589}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"UDP Query User{519B92AC-A44F-406E-A6EC-744524EB8031}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{5A034B1D-0C08-4C77-9EDC-6ADD3AF09FA9}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 
"UDP Query User{63EBA34D-59D8-4DF4-B26A-F18BC1647FFA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{70D7A3B0-1483-4F8F-98AD-F5072C9FAF05}C:\program files\i-funbox devteam\ifunbox.exe" = protocol=17 | dir=in | app=c:\program files\i-funbox devteam\ifunbox.exe | 
"UDP Query User{9C255F86-CE6E-4981-999B-BCEF5205A96B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{FE4CA65D-F047-4709-AB7D-AD4F971F22CC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{438134D3-0BD4-4C52-8575-5B2B63AD01C2}" = RUBICon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT für Internet Explorer
"{C3CF41F1-0373-4DD7-BE99-F33B00E51031}" = Nero 7 Essentials
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 2.90
"iFunbox_is1" = iFunbox (v1.98.948.666), iFunbox DevTeam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"ShotOnline" = ShotOnline
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TightVNC" = TightVNC 2.0.4
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"winscp3_is1" = WinSCP 4.3.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3038
Description = 
 
Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 05.10.2012 14:59:33 | Computer Name = PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2940182
 
Error - 09.10.2012 10:13:55 | Computer Name = PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2940182
 
Error - 18.10.2012 13:24:31 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f9c5  Name des fehlerhaften Moduls: xul.dll, Version: 15.0.1.4631,
 Zeitstempel: 0x5047f93b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010e567  ID des fehlerhaften
 Prozesses: 0xd28  Startzeit der fehlerhaften Anwendung: 0x01cdaca4f12c6931  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\xul.dll  Berichtskennung: ad18fba1-1948-11e2-a460-ab3e589a9fab
 
Error - 20.10.2012 07:33:40 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: af8    Startzeit: 01cdaeb69d979b7b    Endzeit: 32    Anwendungspfad: 
C:\Windows\system32\NOTEPAD.EXE    Berichts-ID: f627cc6b-1aa9-11e2-a460-ab3e589a9fab

 
Error - 14.11.2012 09:57:28 | Computer Name = PC | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 12.12.2012 16:19:00 | Computer Name = PC | Source = Windows Search Service | ID = 3007
Description = 
 
[ OSession Events ]
Error - 01.07.2012 11:02:53 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15813
 seconds with 3780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.07.2012 04:10:17 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LightScribeService Direct Disc Labeling Service erreicht.
 
Error - 02.07.2012 10:49:09 | Computer Name = PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 05.07.2012 10:35:02 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 06.07.2012 09:34:16 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 06.07.2012 09:55:20 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.07.2012 04:50:45 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LightScribeService Direct Disc Labeling Service erreicht.
 
Error - 09.07.2012 03:36:59 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LightScribeService Direct Disc Labeling Service erreicht.
 
Error - 10.07.2012 11:01:17 | Computer Name = PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 11.07.2012 16:18:34 | Computer Name = PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.07.2012 16:28:38 | Computer Name = PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.20.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX : PC [Administrator]

20.12.2012 17:38:12
mbam-log-2012-12-20 (17-47-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223413
Laufzeit: 5 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt.

(Ende)
         

Edited by eckenecke (20.12.2012 at 19:02)

Alt 20.12.2012, 19:12   #2
markusg
/// Malware-holic
 
Hi,
never use System Restore again when malware is involved; you never know what kind of malware is on the PC, and you can do more damage with System Restore.
Please attach the GMER log as a file.

Alt 20.12.2012, 21:03   #3
eckenecke
 
I actually did the restore more or less automatically, since Windows offers it as a possible option when you can no longer access the system. I wasn't aware that this could be harmful.

Regards

Alt 21.12.2012, 14:04   #4
markusg
/// Malware-holic
 
Hi, ah, OK.
Then that was a misunderstanding, sorry.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

Alt 21.12.2012, 14:49   #5
eckenecke
 
TDSS:
Code:
ATTFilter
14:46:36.0845 4536  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:46:38.0858 4536  ============================================================
14:46:38.0858 4536  Current date / time: 2012/12/21 14:46:38.0858
14:46:38.0858 4536  SystemInfo:
14:46:38.0858 4536  
14:46:38.0858 4536  OS Version: 6.1.7601 ServicePack: 1.0
14:46:38.0858 4536  Product type: Workstation
14:46:38.0858 4536  ComputerName: PC
14:46:38.0858 4536  UserName: XXX
14:46:38.0858 4536  Windows directory: C:\Windows
14:46:38.0858 4536  System windows directory: C:\Windows
14:46:38.0858 4536  Processor architecture: Intel x86
14:46:38.0858 4536  Number of processors: 2
14:46:38.0858 4536  Page size: 0x1000
14:46:38.0858 4536  Boot type: Normal boot
14:46:38.0858 4536  ============================================================
14:46:41.0091 4536  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:46:41.0184 4536  ============================================================
14:46:41.0184 4536  \Device\Harddisk0\DR0:
14:46:41.0184 4536  MBR partitions:
14:46:41.0184 4536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C47C0
14:46:41.0184 4536  ============================================================
14:46:41.0309 4536  C: <-> \Device\Harddisk0\DR0\Partition1
14:46:41.0309 4536  ============================================================
14:46:41.0309 4536  Initialize success
14:46:41.0309 4536  ============================================================
14:46:48.0657 3604  ============================================================
14:46:48.0657 3604  Scan started
14:46:48.0657 3604  Mode: Manual; SigCheck; TDLFS; 
14:46:48.0657 3604  ============================================================
14:46:49.0967 3604  ================ Scan system memory ========================
14:46:49.0967 3604  System memory - ok
14:46:49.0967 3604  ================ Scan services =============================
14:46:50.0139 3604  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:46:50.0326 3604  !SASCORE - ok
14:46:50.0607 3604  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:46:50.0700 3604  1394ohci - ok
14:46:50.0778 3604  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
14:46:50.0825 3604  Accelerometer - ok
14:46:50.0872 3604  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:46:50.0919 3604  ACPI - ok
14:46:50.0950 3604  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:46:51.0012 3604  AcpiPmi - ok
14:46:51.0200 3604  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:46:51.0262 3604  AdobeARMservice - ok
14:46:51.0558 3604  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:46:51.0605 3604  AdobeFlashPlayerUpdateSvc - ok
14:46:51.0746 3604  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:46:51.0808 3604  adp94xx - ok
14:46:51.0839 3604  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:46:51.0870 3604  adpahci - ok
14:46:51.0886 3604  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:46:51.0902 3604  adpu320 - ok
14:46:51.0948 3604  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:46:52.0011 3604  AeLookupSvc - ok
14:46:52.0198 3604  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
14:46:52.0292 3604  AESTFilters - ok
14:46:52.0510 3604  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
14:46:52.0604 3604  AFD - ok
14:46:52.0650 3604  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:46:52.0697 3604  agp440 - ok
14:46:52.0744 3604  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:46:52.0775 3604  aic78xx - ok
14:46:52.0853 3604  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
14:46:52.0916 3604  ALG - ok
14:46:52.0931 3604  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:46:52.0978 3604  aliide - ok
14:46:52.0978 3604  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:46:52.0994 3604  amdagp - ok
14:46:53.0009 3604  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:46:53.0040 3604  amdide - ok
14:46:53.0087 3604  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:46:53.0150 3604  AmdK8 - ok
14:46:53.0181 3604  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:46:53.0243 3604  AmdPPM - ok
14:46:53.0306 3604  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:46:53.0352 3604  amdsata - ok
14:46:53.0368 3604  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:46:53.0399 3604  amdsbs - ok
14:46:53.0415 3604  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:46:53.0430 3604  amdxata - ok
14:46:53.0477 3604  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
14:46:53.0540 3604  AppID - ok
14:46:53.0586 3604  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:46:53.0680 3604  AppIDSvc - ok
14:46:53.0711 3604  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
14:46:53.0820 3604  Appinfo - ok
14:46:53.0914 3604  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:46:53.0961 3604  Apple Mobile Device - ok
14:46:54.0023 3604  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:46:54.0086 3604  AppMgmt - ok
14:46:54.0132 3604  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:46:54.0179 3604  arc - ok
14:46:54.0195 3604  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:46:54.0210 3604  arcsas - ok
14:46:54.0335 3604  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:46:54.0366 3604  aspnet_state - ok
14:46:54.0429 3604  [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:46:54.0476 3604  aswFsBlk - ok
14:46:54.0554 3604  [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:46:54.0585 3604  aswMonFlt - ok
14:46:54.0632 3604  [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
14:46:54.0663 3604  aswRdr - ok
14:46:54.0741 3604  [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:46:54.0819 3604  aswSnx - ok
14:46:54.0850 3604  [ 67B558895695545FB0568B7541F3BCA7 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:46:54.0866 3604  aswSP - ok
14:46:54.0881 3604  [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:46:54.0897 3604  aswTdi - ok
14:46:54.0912 3604  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:46:54.0990 3604  AsyncMac - ok
14:46:55.0037 3604  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
14:46:55.0053 3604  atapi - ok
14:46:55.0131 3604  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:46:55.0240 3604  AudioEndpointBuilder - ok
14:46:55.0271 3604  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:46:55.0318 3604  Audiosrv - ok
14:46:55.0365 3604  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:46:55.0396 3604  avast! Antivirus - ok
14:46:55.0458 3604  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:46:55.0521 3604  AxInstSV - ok
14:46:55.0583 3604  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:46:55.0677 3604  b06bdrv - ok
14:46:55.0739 3604  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:46:55.0802 3604  b57nd60x - ok
14:46:55.0864 3604  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:46:55.0926 3604  BDESVC - ok
14:46:55.0958 3604  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:46:56.0051 3604  Beep - ok
14:46:56.0098 3604  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
14:46:56.0238 3604  BFE - ok
14:46:56.0285 3604  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
14:46:56.0394 3604  BITS - ok
14:46:56.0410 3604  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:46:56.0472 3604  blbdrive - ok
14:46:56.0582 3604  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:46:56.0644 3604  Bonjour Service - ok
14:46:56.0691 3604  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:46:56.0753 3604  bowser - ok
14:46:56.0800 3604  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:46:56.0862 3604  BrFiltLo - ok
14:46:56.0894 3604  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:46:56.0956 3604  BrFiltUp - ok
14:46:57.0003 3604  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
14:46:57.0065 3604  Browser - ok
14:46:57.0112 3604  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:46:57.0190 3604  Brserid - ok
14:46:57.0221 3604  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:46:57.0284 3604  BrSerWdm - ok
14:46:57.0315 3604  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:46:57.0377 3604  BrUsbMdm - ok
14:46:57.0408 3604  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:46:57.0471 3604  BrUsbSer - ok
14:46:57.0502 3604  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:46:57.0564 3604  BTHMODEM - ok
14:46:57.0627 3604  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
14:46:57.0736 3604  bthserv - ok
14:46:57.0767 3604  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:46:57.0861 3604  cdfs - ok
14:46:57.0923 3604  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:46:57.0970 3604  cdrom - ok
14:46:58.0032 3604  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:46:58.0110 3604  CertPropSvc - ok
14:46:58.0157 3604  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:46:58.0235 3604  circlass - ok
14:46:58.0282 3604  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
14:46:58.0313 3604  CLFS - ok
14:46:58.0438 3604  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:58.0485 3604  clr_optimization_v2.0.50727_32 - ok
14:46:58.0563 3604  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:58.0594 3604  clr_optimization_v4.0.30319_32 - ok
14:46:58.0610 3604  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:46:58.0641 3604  CmBatt - ok
14:46:58.0672 3604  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:46:58.0703 3604  cmdide - ok
14:46:58.0750 3604  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:46:58.0781 3604  CNG - ok
14:46:58.0875 3604  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
14:46:58.0906 3604  Com4QLBEx - ok
14:46:58.0968 3604  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:46:59.0000 3604  Compbatt - ok
14:46:59.0062 3604  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:46:59.0140 3604  CompositeBus - ok
14:46:59.0156 3604  COMSysApp - ok
14:46:59.0187 3604  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:46:59.0202 3604  crcdisk - ok
14:46:59.0234 3604  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:46:59.0280 3604  CryptSvc - ok
14:46:59.0327 3604  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
14:46:59.0452 3604  CSC - ok
14:46:59.0483 3604  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
14:46:59.0592 3604  CscService - ok
14:46:59.0639 3604  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:46:59.0764 3604  DcomLaunch - ok
14:46:59.0795 3604  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:46:59.0920 3604  defragsvc - ok
14:46:59.0982 3604  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:47:00.0076 3604  DfsC - ok
14:47:00.0123 3604  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:47:00.0185 3604  Dhcp - ok
14:47:00.0216 3604  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
14:47:00.0279 3604  discache - ok
14:47:00.0326 3604  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:47:00.0357 3604  Disk - ok
14:47:00.0404 3604  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:47:00.0466 3604  Dnscache - ok
14:47:00.0513 3604  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:47:00.0606 3604  dot3svc - ok
14:47:00.0653 3604  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
14:47:00.0731 3604  DPS - ok
14:47:00.0778 3604  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:47:00.0856 3604  drmkaud - ok
14:47:00.0918 3604  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:47:00.0965 3604  dtsoftbus01 - ok
14:47:01.0012 3604  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:47:01.0090 3604  DXGKrnl - ok
14:47:01.0152 3604  [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
14:47:01.0215 3604  E1G60 - ok
14:47:01.0262 3604  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
14:47:01.0340 3604  EapHost - ok
14:47:01.0464 3604  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:47:01.0698 3604  ebdrv - ok
14:47:01.0745 3604  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
14:47:01.0870 3604  EFS - ok
14:47:01.0964 3604  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:47:02.0057 3604  ehRecvr - ok
14:47:02.0104 3604  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
14:47:02.0166 3604  ehSched - ok
14:47:02.0229 3604  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:47:02.0291 3604  elxstor - ok
14:47:02.0354 3604  [ 004B2EA6CC2598EC5F0552E43CE29CEF ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
14:47:02.0400 3604  enecir - ok
14:47:02.0432 3604  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:47:02.0510 3604  ErrDev - ok
14:47:02.0588 3604  esgiguard - ok
14:47:02.0634 3604  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
14:47:02.0728 3604  EventSystem - ok
14:47:02.0759 3604  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
14:47:02.0853 3604  exfat - ok
14:47:02.0884 3604  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:47:02.0978 3604  fastfat - ok
14:47:03.0056 3604  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
14:47:03.0165 3604  Fax - ok
14:47:03.0165 3604  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:47:03.0196 3604  fdc - ok
14:47:03.0227 3604  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
14:47:03.0321 3604  fdPHost - ok
14:47:03.0336 3604  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
14:47:03.0430 3604  FDResPub - ok
14:47:03.0477 3604  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:47:03.0508 3604  FileInfo - ok
14:47:03.0524 3604  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:47:03.0617 3604  Filetrace - ok
14:47:03.0633 3604  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:47:03.0664 3604  flpydisk - ok
14:47:03.0711 3604  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:47:03.0758 3604  FltMgr - ok
14:47:03.0804 3604  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
14:47:03.0898 3604  FontCache - ok
14:47:03.0976 3604  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:47:04.0007 3604  FontCache3.0.0.0 - ok
14:47:04.0038 3604  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:47:04.0070 3604  FsDepends - ok
14:47:04.0101 3604  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:47:04.0148 3604  Fs_Rec - ok
14:47:04.0210 3604  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:47:04.0272 3604  fvevol - ok
14:47:04.0335 3604  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:47:04.0366 3604  gagp30kx - ok
14:47:04.0428 3604  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:04.0460 3604  GEARAspiWDM - ok
14:47:04.0506 3604  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:47:04.0631 3604  gpsvc - ok
14:47:04.0648 3604  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:47:04.0710 3604  hcw85cir - ok
14:47:04.0773 3604  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:47:04.0851 3604  HdAudAddService - ok
14:47:04.0882 3604  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:47:04.0960 3604  HDAudBus - ok
14:47:04.0991 3604  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:47:05.0053 3604  HidBatt - ok
14:47:05.0085 3604  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:47:05.0147 3604  HidBth - ok
14:47:05.0194 3604  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:47:05.0256 3604  HidIr - ok
14:47:05.0287 3604  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
14:47:05.0350 3604  hidserv - ok
14:47:05.0397 3604  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:47:05.0459 3604  HidUsb - ok
14:47:05.0490 3604  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:47:05.0615 3604  hkmsvc - ok
14:47:05.0646 3604  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:47:05.0694 3604  HomeGroupListener - ok
14:47:05.0725 3604  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:47:05.0788 3604  HomeGroupProvider - ok
14:47:05.0819 3604  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
14:47:05.0850 3604  hpdskflt - ok
14:47:05.0912 3604  [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:47:05.0959 3604  HpqKbFiltr - ok
14:47:06.0037 3604  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:47:06.0084 3604  hpqwmiex - ok
14:47:06.0131 3604  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:47:06.0178 3604  HpSAMD - ok
14:47:06.0178 3604  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv           C:\Windows\system32\Hpservice.exe
14:47:06.0193 3604  hpsrv - ok
14:47:06.0256 3604  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:47:06.0365 3604  HTTP - ok
14:47:06.0380 3604  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:47:06.0412 3604  hwpolicy - ok
14:47:06.0458 3604  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:47:06.0521 3604  i8042prt - ok
14:47:06.0552 3604  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:47:06.0630 3604  iaStorV - ok
14:47:06.0708 3604  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:47:06.0770 3604  idsvc - ok
14:47:06.0833 3604  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:47:06.0895 3604  iirsp - ok
14:47:06.0973 3604  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:47:07.0114 3604  IKEEXT - ok
14:47:07.0145 3604  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:47:07.0176 3604  intelide - ok
14:47:07.0207 3604  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:47:07.0254 3604  intelppm - ok
14:47:07.0301 3604  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:47:07.0394 3604  IPBusEnum - ok
14:47:07.0410 3604  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:47:07.0504 3604  IpFilterDriver - ok
14:47:07.0550 3604  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:47:07.0660 3604  iphlpsvc - ok
14:47:07.0691 3604  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:47:07.0753 3604  IPMIDRV - ok
14:47:07.0784 3604  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:47:07.0862 3604  IPNAT - ok
14:47:07.0940 3604  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:47:08.0034 3604  iPod Service - ok
14:47:08.0096 3604  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:47:08.0159 3604  IRENUM - ok
14:47:08.0174 3604  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:47:08.0190 3604  isapnp - ok
14:47:08.0284 3604  [ 5F481C5493164163076F09A0B6AC2C00 ] iscFlash        C:\SwSetup\sp45138\iscflash.sys
14:47:08.0299 3604  iscFlash ( UnsignedFile.Multi.Generic ) - warning
14:47:08.0299 3604  iscFlash - detected UnsignedFile.Multi.Generic (1)
14:47:08.0346 3604  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:47:08.0377 3604  iScsiPrt - ok
14:47:08.0440 3604  [ AB772E9CC29C29F59CB4B75F9D6F3F96 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
14:47:08.0502 3604  JMCR - ok
14:47:08.0549 3604  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:47:08.0580 3604  kbdclass - ok
14:47:08.0642 3604  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:47:08.0705 3604  kbdhid - ok
14:47:08.0720 3604  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
14:47:08.0767 3604  KeyIso - ok
14:47:08.0783 3604  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:47:08.0798 3604  KSecDD - ok
14:47:08.0830 3604  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:47:08.0876 3604  KSecPkg - ok
14:47:08.0923 3604  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:47:09.0032 3604  KtmRm - ok
14:47:09.0064 3604  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:47:09.0142 3604  LanmanServer - ok
14:47:09.0157 3604  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:47:09.0220 3604  LanmanWorkstation - ok
14:47:09.0298 3604  [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:47:09.0329 3604  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:47:09.0329 3604  LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:47:09.0391 3604  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:47:09.0485 3604  lltdio - ok
14:47:09.0532 3604  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:47:09.0594 3604  lltdsvc - ok
14:47:09.0610 3604  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:47:09.0719 3604  lmhosts - ok
14:47:09.0750 3604  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:47:09.0781 3604  LSI_FC - ok
14:47:09.0781 3604  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:47:09.0812 3604  LSI_SAS - ok
14:47:09.0828 3604  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:47:09.0844 3604  LSI_SAS2 - ok
14:47:09.0844 3604  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:47:09.0875 3604  LSI_SCSI - ok
14:47:09.0922 3604  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
14:47:10.0000 3604  luafv - ok
14:47:10.0062 3604  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:47:10.0109 3604  Mcx2Svc - ok
14:47:10.0156 3604  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:47:10.0187 3604  megasas - ok
14:47:10.0202 3604  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:47:10.0249 3604  MegaSR - ok
14:47:10.0343 3604  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:47:10.0374 3604  Microsoft Office Groove Audit Service - ok
14:47:10.0405 3604  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
14:47:10.0499 3604  MMCSS - ok
14:47:10.0499 3604  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
14:47:10.0546 3604  Modem - ok
14:47:10.0592 3604  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:47:10.0639 3604  monitor - ok
14:47:10.0686 3604  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:47:10.0717 3604  mouclass - ok
14:47:10.0780 3604  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:47:10.0858 3604  mouhid - ok
14:47:10.0889 3604  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:47:10.0936 3604  mountmgr - ok
14:47:11.0014 3604  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:47:11.0060 3604  MozillaMaintenance - ok
14:47:11.0076 3604  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:47:11.0123 3604  mpio - ok
14:47:11.0138 3604  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:47:11.0185 3604  mpsdrv - ok
14:47:11.0248 3604  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:47:11.0341 3604  MpsSvc - ok
14:47:11.0372 3604  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:47:11.0450 3604  MRxDAV - ok
14:47:11.0497 3604  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:47:11.0575 3604  mrxsmb - ok
14:47:11.0606 3604  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:47:11.0684 3604  mrxsmb10 - ok
14:47:11.0716 3604  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:47:11.0778 3604  mrxsmb20 - ok
14:47:11.0825 3604  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
14:47:11.0856 3604  msahci - ok
14:47:11.0887 3604  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:47:11.0934 3604  msdsm - ok
14:47:11.0965 3604  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
14:47:12.0012 3604  MSDTC - ok
14:47:12.0043 3604  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:47:12.0090 3604  Msfs - ok
14:47:12.0090 3604  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:47:12.0137 3604  mshidkmdf - ok
14:47:12.0184 3604  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:47:12.0215 3604  msisadrv - ok
14:47:39.0889 3604  ================ Scan global ===============================
14:47:39.0936 3604  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:47:39.0967 3604  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:47:39.0999 3604  [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
14:47:40.0045 3604  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:47:40.0139 3604  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:47:40.0155 3604  [Global] - ok
14:47:40.0155 3604  ================ Scan MBR ==================================
14:47:40.0170 3604  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:47:40.0716 3604  \Device\Harddisk0\DR0 - ok
14:47:40.0716 3604  ================ Scan VBR ==================================
14:47:40.0716 3604  [ D5BD27ED1DF19982B99FA06BB95E3B45 ] \Device\Harddisk0\DR0\Partition1
14:47:40.0732 3604  \Device\Harddisk0\DR0\Partition1 - ok
14:47:40.0732 3604  ============================================================
14:47:40.0732 3604  Scan finished
14:47:40.0732 3604  ============================================================
14:47:40.0747 3724  Detected object count: 2
14:47:40.0747 3724  Actual detected object count: 2
14:47:55.0443 3724  iscFlash ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:55.0443 3724  iscFlash ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:47:55.0443 3724  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:55.0443 3724  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 21.12.2012, 14:53   #6
markusg
/// Malware-holic
 



Hi,
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 21.12.2012, 15:44   #7
eckenecke
 



Combofix:
Code:
ATTFilter
ComboFix 12-12-20.02 - XXX 21.12.2012  15:22:35.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3069.1654 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-21 bis 2012-12-21  ))))))))))))))))))))))))))))))
.
.
2012-12-21 14:36 . 2012-12-21 14:36	--------	d-----w-	c:\users\XXX\AppData\Local\temp
2012-12-21 14:36 . 2012-12-21 14:36	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-21 14:36 . 2012-12-21 14:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-20 15:03 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B53E0995-9899-4A45-BDE6-3EED49A1BB6B}\mpengine.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-20 14:13 . 2012-09-13 12:05	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-12 23:23 . 2012-12-12 23:23	--------	d-----w-	c:\windows\Migration
2012-12-12 20:20 . 2012-08-21 14:20	46080	----a-w-	c:\windows\system32\ncobjapi.dll
2012-12-12 20:19 . 2012-08-21 13:37	636928	----a-w-	c:\windows\system32\wbem\fastprox.dll
2012-12-12 20:19 . 2012-08-21 13:34	382464	----a-w-	c:\windows\system32\wbemcomn2.dll
2012-12-12 20:19 . 2012-08-21 13:32	909824	----a-w-	c:\windows\system32\wbem\wbemcore.dll
2012-12-12 20:12 . 2012-11-09 04:42	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 20:12 . 2012-11-05 20:32	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 20:12 . 2012-11-05 20:32	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:05 . 2012-04-02 18:18	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 12:05 . 2012-02-16 20:34	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-02-28 13:55	361032	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-02-28 13:55	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-02-28 13:55	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-02-28 13:55	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-02-28 13:55	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-02-16 22:19	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-02-28 13:55	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-10-16 07:39 . 2012-11-28 11:47	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59 . 2012-02-28 13:55	44784	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 17:40 . 2012-11-14 13:54	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 13:54	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-14 13:55	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 13:55	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 13:55	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 13:55	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 13:55	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 13:55	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 13:55	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 13:55	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 18:54 . 2012-02-19 21:33	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-14 13:52	78336	----a-w-	c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-23 20:33	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 21:56 . 2012-12-01 21:56	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\XXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Switcher"="c:\program files\Switcher\Switcher.exe" [2007-10-28 425984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2012-09-10 14:58	59280	----a-w-	c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06	3481408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-08-29 12:00	59280	----a-w-	c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-05-22 06:38	160872	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2011-02-22 11:57	378128	----a-w-	c:\program files\ThreatFire\TFTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
2011-08-03 13:23	828944	----a-w-	c:\program files\TightVNC\tvnserver.exe
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 iscFlash;iscFlash;c:\swsetup\sp45138\iscflash.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 03185243
*NewlyCreated* - PXLDAPOW
*Deregistered* - 03185243
*Deregistered* - pxldapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1212)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\program files\ThreatFire\TFWAH.dll
.
Zeit der Fertigstellung: 2012-12-21  15:42:42
ComboFix-quarantined-files.txt  2012-12-21 14:42
.
Vor Suchlauf: 9 Verzeichnis(se), 162.803.249.152 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 165.524.955.136 Bytes frei
.
- - End Of File - - 30198944D8545A3E1EDCFB3197DF3825
         
Regards

Alt 21.12.2012, 15:49   #8
markusg
/// Malware-holic
 



Hi,
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are ticked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 22.12.2012, 13:58   #9
eckenecke
 



One finding:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XXX :: PC [Administrator]

22.12.2012 12:31:07
mbam-log-2012-12-22 (12-31-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372680
Laufzeit: 1 Stunde(n), 18 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-2a2aa6be (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Regards

Alt 27.12.2012, 15:49   #10
markusg
/// Malware-holic
 



Hi

download CCleaner Standard:
CCleaner Download - CCleaner 3.26.1888
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, save it as txt. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not recognise, write "unbekannt" (unknown).
Post the list.

Alt 28.12.2012, 14:09   #11
eckenecke
 



Hello,

Code:
ATTFilter
AC3Filter 1.62b	Alexander Vigovsky	20.02.2012		1.62b notwendig
Adobe AIR	Adobe Systems Incorporated	13.09.2012		3.4.0.2540 unbekannt
Adobe Community Help	Adobe Systems Incorporated	20.02.2012		3.0.0.400 unbekannt
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.12.2012	6,00MB	11.5.502.135 notwendig
Adobe Media Player	Adobe Systems Incorporated	20.02.2012		1.8 unbekannt
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	17.08.2012	122MB	10.1.4 notwendig
Apple Application Support	Apple Inc.	08.10.2012	64,5MB	2.2.2 notwendig
Apple Mobile Device Support	Apple Inc.	11.07.2012	24,4MB	5.2.0.6 notwendig
Apple Software Update	Apple Inc.	20.02.2012	2,38MB	2.1.3.127 notwendig
avast! Free Antivirus	AVAST Software	05.11.2012		7.0.1474.0 notwendig
Bonjour	Apple Inc.	20.02.2012	0,98MB	3.0.0.10 unnötig
CCleaner	Piriform	19.12.2012		3.26 notwendig
DAEMON Tools Lite	DT Soft Ltd	19.02.2012		4.45.3.0297 unnötig
DivX-Setup	DivX, LLC	01.03.2012		2.6.1.8 notwendig
Dropbox	Dropbox, Inc.	21.02.2012		1.2.52 notwendig
FormatFactory 2.90	Free Time	22.02.2012		2.90 notwendig
HP Quick Launch Buttons	Hewlett-Packard	16.02.2012		6.50.4.2 notwendig
iCloud	Apple Inc.	08.10.2012	47,4MB	2.0.2.187 notwendig
ICQ7.7	ICQ	18.02.2012		7.7 notwendig
IDT Audio	IDT	20.01.2012		1.0.6225.0 notwendig
iFunbox (v1.98.948.666), iFunbox DevTeam		10.07.2012	37,5MB	v1.98.948.666 notwendig
iTunes	Apple Inc.	11.07.2012	181MB	10.6.3.25 notwendig
Java 7 Update 9	Oracle	14.09.2012	128MB	7.0.90 notwendig
JMicron JMB38X Flash Media Controller Driver	JMicron Technology Corp.	16.02.2012 unbekannt		1.00.20.07
LightScribe System Software	LightScribe	16.02.2012	27,8MB	1.18.8.1 unbekannt
Malwarebytes Anti-Malware Version 1.65.1.1000	Malwarebytes Corporation	20.12.2012	19,4MB	1.65.1.1000 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.02.2012	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.02.2012	2,93MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	07.03.2012	51,9MB	4.0.30319 unbekannt
Microsoft Office Enterprise 2007	Microsoft Corporation	27.02.2012		12.0.6612.1000 unbekannt
Microsoft Office File Validation Add-In	Microsoft Corporation	27.02.2012	7,95MB	14.0.5130.5003 unbekannt
Microsoft Silverlight	Microsoft Corporation	11.05.2012	44,7MB	5.1.10411.0 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.02.2012	596KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.02.2012	600KB	9.0.30729.6161 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 - ENU	Microsoft Corporation	28.05.2012	211MB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU	Microsoft Corporation	27.05.2012	96,0MB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Runtime	Microsoft Corporation	27.05.2012	158KB	9.0.30729 unbekannt
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU	Microsoft Corporation	27.05.2012	226KB	9.0.30729 unbekannt
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	01.12.2012	42,3MB	17.0.1 notwendig
Mozilla Maintenance Service	Mozilla	01.12.2012	329KB	17.0.1 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	25.09.2012	35,0KB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.09.2012	1,33MB	4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser	Microsoft Corporation	09.10.2012	1,47MB	4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	10.10.2012	1,53MB	4.30.2114.0 unbekannt
Nero 7 Essentials	Nero AG	13.09.2012	1,17GB	7.03.1084 notwendig
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	19.02.2012		285.62 notwendig
NVIDIA HD-Audiotreiber 1.2.24.0	NVIDIA Corporation	19.02.2012		1.2.24.0 notwendig
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	16.02.2012		9.11.0621 notwendig
NVIDIA Update 1.5.20	NVIDIA Corporation	19.02.2012		1.5.20 notwendig
Pando Media Booster	Pando Networks Inc.	24.09.2012	5,46MB	2.6.0.8 unbekannt
PDF24 Creator 4.6.0	PDF24.org	07.06.2012	33,8MB	 notwendig
QuickTime	Apple Inc.	13.09.2012	73,2MB	7.72.80.56 unnötig
RUBICon	RUB	18.02.2012	13,0MB	2.0.25 notwendig
Samsung Universal Print Driver	Samsung Electronics Co., Ltd.	18.02.2012		2.02.05.00:24 notwendig
Secunia PSI (2.0.0.4003)	Secunia	18.02.2012	3,47MB	2.0.0.4003 notwendig
ShotOnline	OnNet	24.09.2012		1.0 unnötig
SopCast 3.5.0	www.sopcast.com	11.04.2012		3.5.0 unnötig
SUPERAntiSpyware	SUPERAntiSpyware.com	14.09.2012	148MB	5.5.1016 unnötig
Switcher 2.0.0	Bao Nguyen	27.03.2012	408KB	2.0.0 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	20.03.2012	46,4MB	15.3.29.0 notwendig
System Requirements Lab		19.02.2012 unbekannt	
TightVNC 2.0.4	GlavSoft LLC.	17.03.2012		2.0.4 notwendig
Universal Extractor 1.6.1	Jared Breland	29.03.2012	11,8MB	1.6.1 notwendig
VLC media player 2.0.2	VideoLAN	11.07.2012		2.0.2 notwendig
Winamp	Nullsoft, Inc	17.02.2012		5.623  notwendig
Winamp Erkennungs-Plug-in	Nullsoft, Inc	17.02.2012	75,0KB	1.0.0.1 unnötig
Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)	ENE	16.02.2012 unbekannt		09/04/2008 2.6.0.0
WinRAR 4.10 (32-Bit)	win.rar GmbH	20.02.2012		4.10.0 notwendig
WinSCP 4.3.8	Martin Prikryl	15.07.2012	8,72MB	4.3.8 unnötig
WOT für Internet Explorer	WOT Services Oy	17.02.2012	1,22MB	11.11.7.0 unnötig
         
I hope I haven't overlooked anything.

Regards

Alt 28.12.2012, 14:22   #12
markusg
/// Malware-holic
 



Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the McAfee Security Scan box

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick the "use JavaScript" box.
Under Updater, select automatic installation.
Apply / OK



Uninstall:
DAEMON
Java
Download the Java JRE:
Java downloads for all operating systems
click:
Download of the Java software for Windows Offline
download and install it
Uninstall:

LightScribe
Secunia: version 3 is already out, we will take care of that later.
ShotOnline
SopCast
SUPERAntiSpyware
WinSCP
WOT

Open CCleaner, Analyze, Run Cleaner, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

28.12.2012, 15:41   #13
eckenecke

All done.

adwCleaner:
Code:
# AdwCleaner v2.103 - Datei am 28/12/2012 um 15:40:06 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : xxx- PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\xxx\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7DE39862CC26DCE2446838AAF7CD5C163F835A57
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1340 octets] - [28/12/2012 15:40:06]

########## EOF - C:\AdwCleaner[R1].txt - [1400 octets] ##########
         

28.12.2012, 18:55   #14
markusg
/// Malware-holic

Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete ("Löschen").
  • Confirm each prompt with OK.
  • Your computer will restart, possibly several times depending on the severity of the infection - that is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)
Restart, then test how the PC and programs such as the browser run.

28.12.2012, 19:15   #15
eckenecke

adwCleaner:
Code:
# AdwCleaner v2.103 - Datei am 28/12/2012 um 19:06:28 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : xxx- PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\xxx\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7DE39862CC26DCE2446838AAF7CD5C163F835A57
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nlsgw1ek.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1469 octets] - [28/12/2012 15:40:06]
AdwCleaner[S1].txt - [1402 octets] - [28/12/2012 19:06:28]

########## EOF - C:\AdwCleaner[S1].txt - [1462 octets] ##########
         
